Contents

# frozen_string_literal: true

module TaintedLove
  module Replacer
    class ReplaceYAML < Base
      def should_replace?
        Object.const_defined?('YAML')
      end

      def replace!
        YAML.instance_eval do
          alias :_tainted_love_original_load :load

          def load(source, *args)
            TaintedLove.report(
              :ReplaceYAML,
              source,
              [:rce],
              'YAML.load using tainted input'
            ) if source.tainted?

            _tainted_love_original_load(source, *args)
          end
        end
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version	Path
tainted_love-0.4.1	lib/tainted_love/replacer/replace_yaml.rb
tainted_love-0.4.0	lib/tainted_love/replacer/replace_yaml.rb
tainted_love-0.1.5	lib/tainted_love/replacer/replace_yaml.rb
tainted_love-0.1.4	lib/tainted_love/replacer/replace_yaml.rb
tainted_love-0.1.3	lib/tainted_love/replacer/replace_yaml.rb